gbrindisi / piof

This project forked from ingenuity-fainting-goats/piof

PIOF - PHP Instrumentation Open Framework - A dynamic and modular instrumentation framework for the PHP language.

License: BSD 3-Clause "New" or "Revised" License

Dockerfile 0.67% HTML 54.38% Shell 5.33% M4 1.16% C 37.82% C++ 0.64%

piof's Introduction

PIOF - PHP Instrumentation Open Framework

What

PIOF is a dynamic and modular instrumentation framework for the PHP language.

Why

It can be useful for developers, reverse engineers, malware analysts and vulnerability researchers. With PIOF you should be able to perform:

  • Debugging, Tracing and Performance analysis
  • Instrument code without touching the PHP code
  • Instrument obfuscated PHP code
  • Virtual Patching
  • Prototype IAST and RASP technology

Where

Tested on:

PHP 7.2.10-0ubuntu0.18.04.1 (cli) (built: Sep 13 2018 13:45:02) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
    with Zend OPcache v7.2.10-0ubuntu0.18.04.1, Copyright (c) 1999-2018, by Zend Technologies

Who

Martino - twitter.com/martinolessio - mlessio6 [ $placeholder_at ] gmail [ $placeholder_dot ] com

Alessandro - twitter.com/rhpco - rakkapriccio [ $placeholder_at ] gmail [ $placeholder_dot ] com

Quick Start

git clone https://github.com/ingenuity-ninja/piof.git
cd piof
./run.sh

Docker

Docker is used for the build and test process; use the shell it opens to interact with the container.

root@4e7b7dd9f362:/opt/piof/modules#

Extension

The generated extension is available in the directory /opt/piof/modules:

root@4e7b7dd9f362:/opt/piof/modules# ls -lah
total 100K
drwxr-xr-x 2 root root 4.0K Feb 19 20:55 .
drwxr-xr-x 1 root root 4.0K Feb 19 20:55 ..
-rwxr-xr-x 1 root root  91K Feb 19 20:55 piof.so

It can be enabled in php.ini or loaded explicitly on the command line.

Command line run

The extension is enabled in the php.ini configuration file, so it is possible to run a command like php -r 'system("ls");':

root@4e7b7dd9f362:/etc# php -r 'system("ls");'

adduser.conf
aliases
alternatives
apache2
apt
bash.bashrc
bindresvport.blacklist
ca-certificates
ca-certificates.conf
cron.d
[...]

To load the extension explicitly, use the following command, which produces the same output.

php -dextension=/opt/piof/modules/piof.so -r 'system("ls");'

Logger

All information is logged to files matching /var/log/piof*

Informational

The hook modules log information about sink execution to the info log file, as shown below:

root@4e7b7dd9f362:/etc# tail -f /var/log/piof.info.log

Feb 19 21:05:15 4e7b7dd9f362 piof - system - hook[155]: Arguments 1
Feb 19 21:05:15 4e7b7dd9f362 piof - system - hook[155]: Parameter ls
Feb 19 21:12:17 4e7b7dd9f362 piof - md5 - hook[160]: Arguments 1
Feb 19 21:12:17 4e7b7dd9f362 piof - md5 - hook[160]: Parameter admin
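
The log format above can be turned into per-call records for triage when prototyping IAST/RASP rules. The following is an added example, not part of PIOF: it assumes each call is logged as one "Arguments N" line followed by its "Parameter" lines, treats the number in hook[...] as an opaque identifier, and uses constructed sample lines and hypothetical function names.

```python
import re
from collections import Counter

# Constructed sample in the format shown above (not captured from a real run).
SAMPLE_LOG = """\
Feb 19 21:05:15 4e7b7dd9f362 piof - system - hook[155]: Arguments 1
Feb 19 21:05:15 4e7b7dd9f362 piof - system - hook[155]: Parameter ls
Feb 19 21:12:17 4e7b7dd9f362 piof - md5 - hook[160]: Arguments 1
Feb 19 21:12:17 4e7b7dd9f362 piof - md5 - hook[160]: Parameter admin
Feb 19 21:13:02 4e7b7dd9f362 piof - system - hook[171]: Arguments 1
Feb 19 21:13:02 4e7b7dd9f362 piof - system - hook[171]: Parameter uname -a
this line is not a piof record
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) piof - (?P<sink>\S+) - "
    r"hook\[(?P<id>\d+)\]: (?P<kind>Arguments|Parameter) (?P<value>.*)$"
)

def parse_calls(text):
    """Group each 'Arguments N' line with the 'Parameter' lines that follow it."""
    calls, open_calls = [], {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip anything that is not a PIOF info record
        key = (m["host"], m["sink"], m["id"])
        if m["kind"] == "Arguments":
            call = {"ts": m["ts"], "host": m["host"], "sink": m["sink"],
                    "id": m["id"], "argc": int(m["value"]), "params": []}
            calls.append(call)
            open_calls[key] = call
        elif key in open_calls:
            open_calls[key]["params"].append(m["value"])
    return calls

def review_queue(calls, sinks=("system", "eval", "include")):
    """Calls to the chosen sinks, plus any call whose logged parameters are incomplete."""
    return [c for c in calls if c["sink"] in sinks or len(c["params"]) != c["argc"]]

if __name__ == "__main__":
    calls = parse_calls(SAMPLE_LOG)
    print(Counter(c["sink"] for c in calls))
    for c in review_queue(calls):
        print(c["ts"], c["sink"], c["params"])
```

A parameter that contains newlines (for example code passed to eval) would span several log lines and shows up here as a call with fewer parameters than "Arguments" announced, which is why such calls are kept in the review queue.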

Error

All internal errors of the PIOF extension are logged to the file /var/log/piof.error.log

Hooks Modules

All hook modules are in the directory /opt/piof/hooks. These modules are built and loaded by the PIOF core extension, so they must always be available alongside the piof.so extension. The modules are organized in directories: each directory is named after the sink it hooks, and every module contains a hook.c and a hook.h file.

root@42e0da0df931:/opt/piof/hooks# ls -lah
total 28K
drwxrwxr-x 1 root root 4.0K Feb 19 20:55 .
drwxr-xr-x 1 root root 4.0K Feb 19 20:55 ..
drwxr-xr-x 2 root root 4.0K Feb 19 20:55 build
drwxrwxr-x 2 root root 4.0K Feb 19 20:24 eval
drwxrwxr-x 2 root root 4.0K Feb 19 20:24 include
drwxrwxr-x 2 root root 4.0K Feb 19 20:24 md5
drwxrwxr-x 2 root root 4.0K Feb 19 20:24 system

and

root@42e0da0df931:/opt/piof/hooks# ls -lah include/
total 16K
drwxrwxr-x 2 root root 4.0K Feb 19 20:24 .
drwxrwxr-x 1 root root 4.0K Feb 19 20:55 ..
-rw-rw-r-- 1 root root  943 Feb 19 20:24 hook.c
-rw-rw-r-- 1 root root  356 Feb 19 20:24 hook.h

The build stage compiles all modules and moves the compiled .so files to the directory /opt/piof/hooks/build

root@42e0da0df931:/opt/piof/hooks/build# ls -lah
total 184K
drwxr-xr-x 2 root root 4.0K Feb 19 20:55 .
drwxrwxr-x 1 root root 4.0K Feb 19 20:55 ..
-rwxr-xr-x 1 root root  43K Feb 19 20:55 eval.so
-rwxr-xr-x 1 root root  43K Feb 19 20:55 include.so
-rwxr-xr-x 1 root root  44K Feb 19 20:55 md5.so
-rwxr-xr-x 1 root root  44K Feb 19 20:55 system.so

Manual Extension Building

make clean
phpize
./configure
make

Manual Modules Building

cd /opt/piof/hooks/eval/
gcc -shared -o eval.so -fPIC hook.c -g -Wall -I/usr/local/include/php -I/usr/local/include/php/main -I/usr/local/include/php/Zend -I/usr/local/include/php/TSRM -I/usr/local/include/php/Zend -I/usr/local/include/php/ext -I/usr/local/include/php/ext/date/lib -I/usr/include/php/20170718 -I/usr/include/php/20170718/main -I/usr/include/php/20170718/TSRM -I/usr/include/php/20170718/Zend -I/usr/include/php/20170718/ext -I/usr/include/php/20170718/ext/date/lib -I ../../
mv eval.so ../build

Manual Testing

Hooked function md5

php -dextension=/opt/piof/modules/piof.so -r 'echo md5("admin");'

Hooked function system

php -dextension=/opt/piof/modules/piof.so -r 'system("ls");'

License

3-clause BSD license (BSD-3-Clause)
